Skip to content

Commit

Permalink
fix: enable etcd consistency on check startup
Browse files Browse the repository at this point in the history
See:

- etcd-io/etcd#13766
- kubernetes/kubeadm#2676

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
  • Loading branch information
smira committed Mar 29, 2022
1 parent 65a31f7 commit ad6b7ec
Showing 1 changed file with 30 additions and 28 deletions.
58 changes: 30 additions & 28 deletions internal/app/machined/pkg/system/services/etcd.go
Original file line number Diff line number Diff line change
Expand Up @@ -486,20 +486,21 @@ func (e *Etcd) argsForInit(ctx context.Context, r runtime.Runtime) error {

// TODO(scm): see issue #2121 and description below in argsForControlPlane.
denyListArgs := argsbuilder.Args{
"name": hostname,
"auto-tls": "false",
"peer-auto-tls": "false",
"data-dir": constants.EtcdDataPath,
"listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380",
"listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379",
"client-cert-auth": "true",
"cert-file": constants.KubernetesEtcdCert,
"key-file": constants.KubernetesEtcdKey,
"trusted-ca-file": constants.KubernetesEtcdCACert,
"peer-client-cert-auth": "true",
"peer-cert-file": constants.KubernetesEtcdPeerCert,
"peer-key-file": constants.KubernetesEtcdPeerKey,
"peer-trusted-ca-file": constants.KubernetesEtcdCACert,
"name": hostname,
"auto-tls": "false",
"peer-auto-tls": "false",
"data-dir": constants.EtcdDataPath,
"listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380",
"listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379",
"client-cert-auth": "true",
"cert-file": constants.KubernetesEtcdCert,
"key-file": constants.KubernetesEtcdKey,
"trusted-ca-file": constants.KubernetesEtcdCACert,
"peer-client-cert-auth": "true",
"peer-cert-file": constants.KubernetesEtcdPeerCert,
"peer-key-file": constants.KubernetesEtcdPeerKey,
"peer-trusted-ca-file": constants.KubernetesEtcdCACert,
"experimental-initial-corrupt-check": "true",
}

extraArgs := argsbuilder.Args(r.Config().Cluster().Etcd().ExtraArgs())
Expand Down Expand Up @@ -571,20 +572,21 @@ func (e *Etcd) argsForControlPlane(ctx context.Context, r runtime.Runtime) error
}

denyListArgs := argsbuilder.Args{
"name": hostname,
"auto-tls": "false",
"peer-auto-tls": "false",
"data-dir": constants.EtcdDataPath,
"listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380",
"listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379",
"client-cert-auth": "true",
"cert-file": constants.KubernetesEtcdPeerCert,
"key-file": constants.KubernetesEtcdPeerKey,
"trusted-ca-file": constants.KubernetesEtcdCACert,
"peer-client-cert-auth": "true",
"peer-cert-file": constants.KubernetesEtcdPeerCert,
"peer-key-file": constants.KubernetesEtcdPeerKey,
"peer-trusted-ca-file": constants.KubernetesEtcdCACert,
"name": hostname,
"auto-tls": "false",
"peer-auto-tls": "false",
"data-dir": constants.EtcdDataPath,
"listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380",
"listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379",
"client-cert-auth": "true",
"cert-file": constants.KubernetesEtcdPeerCert,
"key-file": constants.KubernetesEtcdPeerKey,
"trusted-ca-file": constants.KubernetesEtcdCACert,
"peer-client-cert-auth": "true",
"peer-cert-file": constants.KubernetesEtcdPeerCert,
"peer-key-file": constants.KubernetesEtcdPeerKey,
"peer-trusted-ca-file": constants.KubernetesEtcdCACert,
"experimental-initial-corrupt-check": "true",
}

extraArgs := argsbuilder.Args(r.Config().Cluster().Etcd().ExtraArgs())
Expand Down

0 comments on commit ad6b7ec

Please sign in to comment.